Summary: | media-libs/jasper: heap-based buffer overflow in jpc_dec_decodepkt (jpc_t2dec.c) (CVE-2017-6852) | ||
---|---|---|---|
Product: | Gentoo Security | Reporter: | Agostino Sarubbo <ago> |
Component: | Vulnerabilities | Assignee: | Gentoo Security <security> |
Status: | RESOLVED FIXED | ||
Severity: | minor | CC: | sci |
Priority: | Normal | ||
Version: | unspecified | ||
Hardware: | All | ||
OS: | Linux | ||
URL: | https://github.com/mdadams/jasper/issues/114 | ||
Whiteboard: | B3 [glsa+ cve] | ||
Package list: | Runtime testing required: | --- |
Description
Agostino Sarubbo
2017-03-27 09:25:46 UTC
CVE ID: CVE-2017-6852 Summary: Heap-based buffer overflow in the jpc_dec_decodepkt function in jpc_t2dec.c in JasPer 2.0.10 allows remote attackers to have unspecified impact via a crafted image. Published: 2017-03-15T14:59:01.000Z Not fixed in current version 2.0.14 https://github.com/mdadams/jasper/issues/114 The bug has been referenced in the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=c70fe723dcfe0fabab75f3a76942207018e83e1f commit c70fe723dcfe0fabab75f3a76942207018e83e1f Author: David Seifert <soap@gentoo.org> AuthorDate: 2019-07-14 10:29:20 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2019-07-14 10:29:20 +0000 package.mask: Last rite media-libs/jasper Bug: https://bugs.gentoo.org/601068 Bug: https://bugs.gentoo.org/614028 Bug: https://bugs.gentoo.org/614032 Bug: https://bugs.gentoo.org/614566 Bug: https://bugs.gentoo.org/619120 Bug: https://bugs.gentoo.org/624988 Bug: https://bugs.gentoo.org/629286 Bug: https://bugs.gentoo.org/635552 Bug: https://bugs.gentoo.org/662160 Bug: https://bugs.gentoo.org/674154 Bug: https://bugs.gentoo.org/674214 Bug: https://bugs.gentoo.org/684826 Bug: https://bugs.gentoo.org/689784 Signed-off-by: David Seifert <soap@gentoo.org> profiles/base/package.use.mask | 23 +++++++++++++++++++++++ profiles/package.mask | 7 +++++++ 2 files changed, 30 insertions(+) This issue was resolved and addressed in GLSA 201908-03 at https://security.gentoo.org/glsa/201908-03 by GLSA coordinator Aaron Bauman (b-man). The bug has been closed via the following commit(s): https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=77aebdf0b31765b33831ca5b02ea3d98f13c46cd commit 77aebdf0b31765b33831ca5b02ea3d98f13c46cd Author: David Seifert <soap@gentoo.org> AuthorDate: 2019-08-27 09:07:01 +0000 Commit: David Seifert <soap@gentoo.org> CommitDate: 2019-08-27 09:07:01 +0000 media-libs/jasper: Remove from tree Bug: https://bugs.gentoo.org/674214 Closes: https://bugs.gentoo.org/601068 Closes: https://bugs.gentoo.org/614028 Closes: https://bugs.gentoo.org/614032 Closes: https://bugs.gentoo.org/614566 Closes: https://bugs.gentoo.org/619120 Closes: https://bugs.gentoo.org/624988 Closes: https://bugs.gentoo.org/629286 Closes: https://bugs.gentoo.org/635552 Closes: https://bugs.gentoo.org/662160 Closes: https://bugs.gentoo.org/674154 Closes: https://bugs.gentoo.org/684826 Closes: https://bugs.gentoo.org/689784 Package-Manager: Portage-2.3.72, Repoman-2.3.17 Signed-off-by: David Seifert <soap@gentoo.org> media-libs/jasper/Manifest | 2 - .../files/jasper-2.0.14-fix-test-suite.patch | 28 --------- media-libs/jasper/jasper-2.0.14.ebuild | 67 ---------------------- media-libs/jasper/jasper-2.0.16.ebuild | 65 --------------------- media-libs/jasper/jasper-9999.ebuild | 65 --------------------- media-libs/jasper/metadata.xml | 11 ---- 6 files changed, 238 deletions(-) |